search

QubesOS / qubes-issues

The Qubes OS Project issue tracker
https://www.qubes-os.org/doc/issue-tracking/
541 stars 48 forks source link

Test and document VPN ProxyVM between anon-whonix and sys-whonix #2060

Closed andrewdavidwong closed 8 years ago

andrewdavidwong commented 8 years ago

Patrick Schleizer wrote:

Andrew David Wong:

On 2016-06-08 13:15, a...r@s...t.org wrote:

Hello I read the guide on whonix site about how setup a VPN in workstation but it is old and my VPN is a little different, it has a GUI interface but also a setup for Open VPN (to work i have to use GUI). Do I setup like a normal VPN in debian (network connection, import configuration, certificate etc...) and change firewall?

Thank you

Take a look at our VPN documentation if you haven't already. It was recently updated:

https://www.qubes-os.org/doc/vpn/

VPN in Whonix-Gateway results in:

  • a) Connecting to a VPN before Tor
  • a) User -> proxy/VPN/SSH -> Tor -> Internet

VPN in Whonix-Workstation results in:

  • b) Connecting to Tor before a VPN
  • b) User -> Tor -> proxy/VPN/SSH -> Internet

These use cases are very different.

See also: https://www.whonix.org/wiki/Tunnels/Introduction

https://www.qubes-os.org/doc/vpn/ is closer to:

  • a) Connecting to a VPN before Tor
  • a) User -> proxy/VPN/SSH -> Tor -> Internet

It would be interesting to wretch a Qubes VPN ProxyVM between Whonix-Workstation and Whonix-Gateway. I.e. anon-whonix -> sys-vpn -> sys-whonix. Which would then result in b).

You might still need bits from chapter "Prevent Bypassing the Tunnel-Link"

https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN#Prevent_Bypassing_the_Tunnel-Link

Although it would not be for purposes of "Prevent Bypassing the Tunnel-Link", but for connectivity. The following from that chapter would still be required:

  • deactivate uwt wrappers
  • Tor Browser Remove Proxy Settings
  • Deactivate Misc Proxy Settings

So new documentation would be required for this. A lot stuff could be re-used since all of the three above are wiki templates.

Anyone interested in this? Up to try this, document this, etc.?

Cheers, Patrick

adrelanos commented 8 years ago

https://forums.whonix.org/t/setup-a-vpn-in-proxyvm-over-sys-whonix

adrelanos commented 8 years ago

This is now documented here: https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN#Separate_VPN-Gateway

Recommended order of reading:

andrewdavidwong commented 8 years ago

@adrelanos: So, what (if anything) still needs to be done for this issue?

adrelanos commented 8 years ago

Closeable. For any eventual follow up issues, new issues could be created.